summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorclemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2010-01-15 19:40:30 +0000
committerclemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2010-01-15 19:40:30 +0000
commit050d499f8136d711a2fb4856adc3083c61b5b12f (patch)
tree142b2bf21cd22f8003728e49093e5aa401adb598
parente3830cd53bab8bc87e07fd852522bf892a03db36 (diff)
downloadmocca-050d499f8136d711a2fb4856adc3083c61b5b12f.tar.gz
mocca-050d499f8136d711a2fb4856adc3083c61b5b12f.tar.bz2
mocca-050d499f8136d711a2fb4856adc3083c61b5b12f.zip
mocca security policy
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@573 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
-rw-r--r--BKUOnline/src/main/policy/50mocca.policy111
-rw-r--r--BKUOnline/src/main/resources/log4j.properties4
2 files changed, 57 insertions, 58 deletions
diff --git a/BKUOnline/src/main/policy/50mocca.policy b/BKUOnline/src/main/policy/50mocca.policy
index fc14f825..2d6bc13d 100644
--- a/BKUOnline/src/main/policy/50mocca.policy
+++ b/BKUOnline/src/main/policy/50mocca.policy
@@ -18,15 +18,17 @@
// || IMPORTANT: REVIEW AND ADAPT TO YOUR NEEDS PRIOR TO INSTALLATION
// =========================================================================
//
+// (set -Djava.security.debug=access,failure and search for "FAILED")
+//
//
// ========== MOCCA CODE PERMISSIONS =======================================
//
-// replace /home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT
+// replace ${catalina.base}/webapps/bkuonline
// with ${catalina.base}/webapps/<mocca_context>
-// replace /usr/share/java/xercesImpl.jar
-// with <path_to_endorsed_xerces> (if not in jre/lib/endorsed)
-// replace ${catalina.base}/work/Catalina/localhost/_
+// replace ${catalina.base}/work/Catalina/localhost/bkuonline
// with ${catalina.base}/work/Catalina/localhost/<mocca_context> (the path to the compiled JSPs, excl. package dir: org/apache/jsp/)
+// replace version info in utils-1.2.10.jar and bkucommon-1.2.10.jar
+// with current version
// replace apps.egiz.gv.at
// with <DataURL_host:DataURL_port>
// replace localhost:8080
@@ -46,17 +48,17 @@
//
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources";
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/logging.properties", "read";
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/logging.properties", "read";
};
-grant codeBase "file:${catalina.base}/work/Catalina/localhost/_" {
+grant codeBase "file:${catalina.base}/work/Catalina/localhost/bkuonline" {
permission java.io.FilePermission "/helpfiles/-", "read";
permission java.lang.RuntimePermission "defineClassInPackage.org.apache.jasper.runtime";
};
// =========== MOCCA grants
//
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/-" {
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/classes/-" {
permission java.security.AllPermission;
// permission java.io.FilePermission "${catalina.base}/logs", "read, write";
// permission java.io.FilePermission "${catalina.base}/logs/*", "read, write";
@@ -65,7 +67,7 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.
// permission java.util.PropertyPermission "com.sun.xml.ws.transport.http.HttpAdapter.dump", "write";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/-" {
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/-" {
// the log4j configuration might want to write logs to ${catalina.base}/logs/bkuonline.log
permission java.io.FilePermission "${catalina.base}/logs", "read, write";
permission java.io.FilePermission "${catalina.base}/logs/*", "read, write";
@@ -73,28 +75,27 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/utils-1.1.2-SNAPSHOT.jar" {
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/utils-1.2.10.jar" {
permission java.util.PropertyPermission "*", "read";
permission java.net.SocketPermission "www.a-trust.at:80", "connect, resolve";
permission java.net.SocketPermission "ksp.ecard.sozialversicherung.gv.at:80", "connect,resolve";
- permission java.net.SocketPermission "localhost:8080", "connect, resolve";
+// permission java.net.SocketPermission "localhost:8080", "connect, resolve";
permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/bkucommon-1.1.2-SNAPSHOT.jar" {
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore", "write";
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/-", "write";
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/toBeAdded/-", "delete";
- permission java.io.FilePermission "/usr/share/java/xercesImpl.jar", "read";
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/bkucommon-1.2.10.jar" {
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
permission java.io.FilePermission "../conf/secret.xml", "read";
permission java.net.SocketPermission "apps.egiz.gv.at:443", "connect, resolve";
permission java.net.SocketPermission "www.a-trust.at:80", "connect, resolve";
permission java.net.SocketPermission "ksp.ecard.sozialversicherung.gv.at:80", "connect,resolve";
permission java.net.SocketPermission "ldap.a-trust.at:389", "connect, resolve";
permission java.net.SocketPermission "ocsp.ecard.sozialversicherung.at:80", "connect, resolve";
- permission java.net.SocketPermission "localhost:8080", "connect, resolve";
+// permission java.net.SocketPermission "localhost:8080", "connect, resolve";
permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve";
permission java.net.NetPermission "specifyStreamHandler";
permission java.util.PropertyPermission "*", "read, write";
@@ -118,7 +119,7 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/iaik_jce_full_signed-3.16.jar" {
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_jce_full_signed-3.16.jar" {
permission java.util.PropertyPermission "*", "read, write";
permission java.security.SecurityPermission "insertProvider.IAIK";
permission java.security.SecurityPermission "putProviderProperty.IAIK";
@@ -127,13 +128,12 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.
permission java.net.SocketPermission "ocsp.ecard.sozialversicherung.at:80", "connect, resolve";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/iaik_ecc_signed-2.15.jar" {
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_ecc_signed-2.15.jar" {
permission java.security.SecurityPermission "insertProvider.IAIK_ECC";
permission java.security.SecurityPermission "putProviderProperty.IAIK_ECC";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/iaik_xsect-1.14.jar" {
- permission java.io.FilePermission "/usr/share/java/xercesImpl.jar", "read";
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_xsect-1.14.jar" {
permission java.util.PropertyPermission "*", "read, write";
permission java.security.SecurityPermission "insertProvider.IAIK";
permission java.security.SecurityPermission "putProviderProperty.IAIK";
@@ -144,10 +144,10 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.
permission java.security.SecurityPermission "removeProvider.XMLDSig";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/iaik_pki-1.0-MOCCA.jar" {
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore", "write";
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/-", "write";
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/toBeAdded/-", "delete";
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_pki-1.0-MOCCA.jar" {
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
permission java.net.SocketPermission "www.a-trust.at:80", "connect, resolve";
permission java.net.SocketPermission "ldap.a-trust.at:389", "connect, resolve";
permission java.net.SocketPermission "ocsp.ecard.sozialversicherung.at:80", "connect, resolve";
@@ -155,38 +155,40 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.
permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.ldap";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/xalan-2.7.1.jar" {
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xalan-2.7.1.jar" {
permission java.io.FilePermission "${java.home}/lib/xalan.properties", "read";
permission java.util.PropertyPermission "*", "read";
permission java.lang.RuntimePermission "getClassLoader";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/serializer-2.7.1.jar" {
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/serializer-2.7.1.jar" {
permission java.util.PropertyPermission "*", "read";
permission java.lang.RuntimePermission "getClassLoader";
};
// allow xsl:include from the specified URL
-grant codeBase "jar:file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/processor/-" {
+grant codeBase "jar:file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/processor/-" {
permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve";
};
// allow XSLT document function to reference the specified URL
-grant codeBase "jar:file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/xsltc/dom/LoadDocument.class" {
+grant codeBase "jar:file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/xsltc/dom/LoadDocument.class" {
permission java.io.FilePermission "../conf/secret.xml", "read";
};
// use tomcat/jre endorsed xerces instead
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/xercesImpl-2.9.1.jar" {
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xercesImpl-2.9.1.jar" {
permission java.io.FilePermission "${java.home}/lib/xerces.properties", "read";
- permission java.io.FilePermission "../conf/secret.xml", "read";
- permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve";
+// permission java.io.FilePermission "../conf/secret.xml", "read";
+// permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve";
permission java.util.PropertyPermission "*", "read";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.*";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "accessDeclaredMembers";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/commons-logging-1.1.1.jar" {
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/commons-logging-1.1.1.jar" {
permission java.util.PropertyPermission "org.apache.commons.logging.*", "read";
permission java.util.PropertyPermission "log4j.*", "read";
permission java.util.PropertyPermission "catalina.base", "read";
@@ -194,23 +196,22 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.
permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/log4j-1.2.12.jar" {
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/log4j.properties", "read";
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/log4j-1.2.12.jar" {
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/log4j.properties", "read";
// allow log4j to read its own properties
permission java.util.PropertyPermission "log4j.*", "read";
permission java.util.PropertyPermission "catalina.base", "read";
permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/spring-core-2.5.5.jar" {
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-core-2.5.5.jar" {
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "modifyThread";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/spring-web-2.5.5.jar" {
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore", "write";
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/-", "write";
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/toBeAdded/-", "delete";
- permission java.io.FilePermission "/usr/share/java/xercesImpl.jar", "read";
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-web-2.5.5.jar" {
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
permission java.security.SecurityPermission "insertProvider.IAIK";
permission java.security.SecurityPermission "putProviderProperty.IAIK";
permission java.security.SecurityPermission "removeProvider.IAIK";
@@ -230,11 +231,10 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.
permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/spring-beans-2.5.5.jar" {
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore", "write";
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/-", "write";
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/toBeAdded/-", "delete";
- permission java.io.FilePermission "/usr/share/java/xercesImpl.jar", "read";
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-beans-2.5.5.jar" {
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
permission java.security.SecurityPermission "insertProvider.IAIK";
permission java.security.SecurityPermission "putProviderProperty.IAIK";
permission java.security.SecurityPermission "removeProvider.IAIK";
@@ -253,11 +253,10 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.
permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/spring-context-2.5.5.jar" {
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore", "write";
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/-", "write";
- permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/toBeAdded/-", "delete";
- permission java.io.FilePermission "/usr/share/java/xercesImpl.jar", "read";
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-context-2.5.5.jar" {
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write";
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write";
+ permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete";
permission java.security.SecurityPermission "insertProvider.IAIK";
permission java.security.SecurityPermission "putProviderProperty.IAIK";
permission java.security.SecurityPermission "removeProvider.IAIK";
@@ -278,7 +277,7 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/jaxws-rt-2.1.5.jar" {
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/jaxws-rt-2.1.5.jar" {
// need write access to set disableCaptureStackTrace and HttpAdapter.dump
permission java.util.PropertyPermission "com.sun.xml.ws.*", "read, write";
permission java.util.PropertyPermission "com.sun.xml.bind.*", "read";
@@ -302,19 +301,19 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/jaxb-impl-2.1.9.jar" {
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/jaxb-impl-2.1.9.jar" {
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.util.PropertyPermission "com.sun.xml.bind.v2.*", "read";
permission java.util.PropertyPermission "user.dir", "read";
};
-grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/commons-httpclient-3.1.jar" {
+grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/commons-httpclient-3.1.jar" {
permission java.util.PropertyPermission "*", "read";
};
// ======== NETBEANS
-grant codeBase "file:${catalina.base}/nblib/-" {
- permission java.security.AllPermission;
-}; \ No newline at end of file
+//grant codeBase "file:${catalina.base}/nblib/-" {
+// permission java.security.AllPermission;
+//}; \ No newline at end of file
diff --git a/BKUOnline/src/main/resources/log4j.properties b/BKUOnline/src/main/resources/log4j.properties
index 40133c83..d4a03fe7 100644
--- a/BKUOnline/src/main/resources/log4j.properties
+++ b/BKUOnline/src/main/resources/log4j.properties
@@ -15,8 +15,8 @@
#log4j.rootLogger=DEBUG, STDOUT, file
-log4j.rootLogger=TRACE, file
-#log4j.logger.at.gv = INFO
+log4j.rootLogger=INFO, file
+#log4j.logger.at.gv=TRACE
# STDOUT appender